
spec/util_roles_spec.lua @ 13098:65d2ff6e674e

mod_tokenauth: Return error instead of session for token without role. Such a session triggers errors in module:may or other places, since it is generally expected that a session must have a role.
author Kim Alvefur <zash@zash.se>
date Sun, 07 May 2023 20:33:03 +0200
parent 12754:a92ca737d05f
-- Spec for util.roles: role objects, their permission policies, inheritance
-- and cloning.
-- The cases share role objects and build on each other's mutations, so they
-- only make sense in the order written; randomize(false) pins that order.
describe("util.roles", function ()
	randomize(false);

	local roles;
	it("can be loaded", function ()
		roles = require "util.roles";
	end);

	-- Shared fixture: created once here, then mutated by the cases that follow.
	local base_role;
	it("can create a new role", function ()
		base_role = roles.new();
		assert.is_not_nil(base_role);
		assert.is_truthy(roles.is_role(base_role));
	end);

	describe("role object", function ()
		it("can be initialized with permissions", function ()
			-- One explicit allow and one explicit deny supplied at construction.
			local seeded_role = roles.new({
				permissions = {
					perm1 = true;
					perm2 = false;
				};
			});
			assert.truthy(seeded_role:may("perm1"));
			assert.falsy(seeded_role:may("perm2"));
		end);

		it("has a sensible tostring", function ()
			local labelled_role = roles.new({
				id = "test-role-2";
				name = "Test Role 2";
			});
			-- The id is read back from the object instead of being compared with
			-- the literal passed above. Both searches are plain-text finds
			-- (4th argument true), so pattern characters are not interpreted.
			assert.truthy(string.find(tostring(labelled_role), labelled_role.id, 1, true));
			assert.truthy(string.find(tostring(labelled_role), "Test Role 2", 1, true));
		end);

		-- Default deny: a permission nobody has set a policy for is not granted.
		it("is restrictive by default", function ()
			assert.falsy(base_role:may("my-permission"));
		end);

		it("allows you to set permissions", function ()
			base_role:set_permission("my-permission", true);
			assert.truthy(base_role:may("my-permission"));
		end);

		it("allows you to set negative permissions", function ()
			base_role:set_permission("my-other-permission", false);
			assert.falsy(base_role:may("my-other-permission"));
		end);

		-- Changing an existing policy requires the explicit third argument.
		-- Without it the call reports "policy-already-exists" and the stored
		-- policy stays as it was, so a grant or denial cannot be flipped by a
		-- second, conflicting set_permission() call.
		it("does not allows you to override previously set permissions by default", function ()
			local changed, reason = base_role:set_permission("my-permission", false);
			assert.falsy(changed);
			assert.is_equal("policy-already-exists", reason);
			-- The earlier grant must have survived the rejected change.
			assert.truthy(base_role:may("my-permission"));
		end);

		it("allows you to explicitly override previously set permissions", function ()
			assert.truthy(base_role:set_permission("my-permission", false, true));
			assert.falsy(base_role:may("my-permission"));
		end);

		describe("inheritance", function ()
			local derived_role;
			it("works", function ()
				base_role:set_permission("inherited-permission", true);
				derived_role = roles.new({
					inherits = { base_role };
				});
				assert.truthy(derived_role:may("inherited-permission"));
				-- "my-permission" was overridden to false on base_role above.
				assert.falsy(derived_role:may("my-permission"));
			end);

			it("allows listing policies", function ()
				-- derived_role has no policies of its own at this point, so every
				-- entry listed comes from base_role, denials included.
				local want = {
					["my-permission"] = false;
					["my-other-permission"] = false;
					["inherited-permission"] = true;
				};
				local seen = {};
				for name, policy in derived_role:policies() do
					seen[name] = policy;
				end
				assert.same(want, seen);
			end);

			it("supports multiple depths of inheritance", function ()
				local second_level_role = roles.new({
					inherits = { derived_role };
				});
				assert.truthy(second_level_role:may("inherited-permission"));
			end);

			describe("supports ordered inheritance from multiple roles", function ()
				-- NOTE(review): these roles are built in the describe body, not in
				-- an it(). That only works if the runner evaluates this body after
				-- the preceding cases have assigned `roles` and `derived_role` -
				-- presumably what the fixed order provides; confirm against the runner.
				local first_parent = roles.new();
				local leaf_role = roles.new({
					-- Two ancestors, in list order. base_role is not listed here;
					-- it is reached indirectly, through derived_role.
					inherits = { first_parent, derived_role };
				});

				-- Each row is
				--   { <leaf_role policy>, <first_parent policy>, <base_role policy> }
				-- where nil means "no policy set on that role" and `result` is what
				-- leaf_role:may() must return.
				-- Rows 1-3 pin the precedence: the role's own policy wins, then the
				-- first listed ancestor that has one. This is first-match, not
				-- deny-overrides: in row 3 the allow on first_parent outranks the
				-- deny reached through derived_role.
				-- NOTE(review): no row sets an explicit false on leaf_role against
				-- an allowing ancestor, and none leaves all three unset; both would
				-- be worth pinning for an authorization primitive.
				local matrix = {
					{ true, nil, false, result = true };
					{ nil, false, true, result = false };
					{ nil, true, false, result = true };
					{ nil, nil, false, result = false };
					{ nil, nil, true, result = true };
				};

				for case_index, row in ipairs(matrix) do
					it("(case "..case_index..")", function ()
						-- A fresh permission name per row keeps the rows independent.
						local perm_name = string.format("multi-inheritance-perm-%d", case_index);
						local own_policy, parent_policy, base_policy = row[1], row[2], row[3];
						assert.truthy(leaf_role:set_permission(perm_name, own_policy));
						assert.truthy(first_parent:set_permission(perm_name, parent_policy));
						assert.truthy(base_role:set_permission(perm_name, base_policy));
						-- Strict comparison: may() has to return the boolean itself.
						assert.equal(row.result, leaf_role:may(perm_name));
					end);
				end
			end);

			-- Inheritance is live: revoking on the ancestor revokes for the
			-- descendant that was created before the change.
			it("updates child roles when parent roles change", function ()
				assert.truthy(derived_role:may("inherited-permission"));
				assert.truthy(base_role:set_permission("inherited-permission", false, true));
				assert.falsy(derived_role:may("inherited-permission"));
			end);
		end);

		describe("cloning", function ()
			local copy_role;
			it("works", function ()
				assert.truthy(base_role:set_permission("perm-1", true));
				copy_role = base_role:clone();
				assert.truthy(copy_role:may("perm-1"));
			end);

			it("isolates changes", function ()
				-- Unlike inheritance, a clone is a snapshot. Revoking perm-1 on the
				-- original afterwards does not revoke it on the clone, and a grant
				-- made on either side (perm-2, perm-3) stays on that side only.
				assert.truthy(base_role:set_permission("perm-1", false, true));
				assert.truthy(base_role:set_permission("perm-2", true));
				assert.truthy(copy_role:set_permission("perm-3", true));
				assert.truthy(copy_role:may("perm-1"));
				assert.falsy(copy_role:may("perm-2"));
				assert.falsy(base_role:may("perm-3"));
			end);
		end);
	end);
end);